Home / Vulnerability Intelligence / CVE-2026-1618

CVE-2026-1618 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: February 13, 2026

Universal Software Inc. FlexCity/Kiosk - Authentication Bypass

Published: February 13, 2026Updated: February 13, 2026Remote Exploitable

Overview

Universal Software Inc. FlexCity/Kiosk >= 1.0 and < 1.0.36 contains an authentication bypass using an alternate path or channel, letting attackers escalate privileges, exploit requires bypassing normal authentication mechanisms.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 5.5%(Probability of exploitation in next 30 days)

Impact

Attackers can bypass authentication to escalate privileges, potentially gaining unauthorized access to sensitive functions.

Mitigation

Upgrade to version 1.0.36 or later.

References

https://www.usom.gov.tr/bildirim/tr-26-0065

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Feb 13, 2026

🟠 CVE-2026-1618 - High (8.8) Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc. FlexCity/Kiosk allows Privilege Escalation.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1618/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-1618
Severity: High
CVSS Score: 8.8
Type: broken_authentication
Status: unconfirmed
EPSS: 5.5%
Social Posts: 1

CWE

CWE-288

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

5.5%Probability of exploitation in the next 30 days